Changes between Version 5 and Version 6 of Ticket #39941, comment 31
- Timestamp: 03/22/2019 09:14:41 PM (7 years ago)
Ticket #39941, comment 31
Lines 7-8 (unmodified in v5 and v6):

> By the way, the proof-of-concept plugin I mentioned in the description of the report is here now as I changed my github username: https://gist.github.com/mallorydxw/e2aee45ad5cb2a309c6bd0fc213efb97

Line 9, v5 (removed):

This is even worse! Now they don't even have to find templated js that explicitly requests a nonce nor request one themselves... now even existing WordPress XSS exploits can take advantage of it and future exploits don't have to ask for the nonce specifically.

Line 9, v6 (added):

This would be even worse! With this they don't even have to find templated js that explicitly requests a nonce nor request one themselves... even existing WordPress XSS exploits can take advantage and future exploits don't have to ask for the nonce specifically.